Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27-03-2024 10:37
General
-
Target
2024-03-27_856ca56e5fbc8d2bbab859f798420c20_goldeneye.exe
-
Size
216KB
-
MD5
856ca56e5fbc8d2bbab859f798420c20
-
SHA1
083e7a153bcbea1f3ecd0db8ebb6c87b6a3d2468
-
SHA256
80cff6c6a11d7ea476a8d0863a0e70e369ef6a841a0462f679d24b422d01715e
-
SHA512
5e6b9939641a4f2cb6a4aca2b5533e9a77e51095e6f21e0769d99c4015b8e94b2bb20d9fcceb79b28e8380d31f717a7c9334592c049c1ca1af6c1300265155f7
-
SSDEEP
3072:jEGh0oNl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGblEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-27_856ca56e5fbc8d2bbab859f798420c20_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-27_856ca56e5fbc8d2bbab859f798420c20_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A018223F-E441-421d-BDED-8CF3F7331B91}.exeC:\Windows\{A018223F-E441-421d-BDED-8CF3F7331B91}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A1B50505-42B1-475a-8959-D60BF2474666}.exeC:\Windows\{A1B50505-42B1-475a-8959-D60BF2474666}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{932BFDC7-0E39-4841-AE22-BAC7629A36C5}.exeC:\Windows\{932BFDC7-0E39-4841-AE22-BAC7629A36C5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D80BA58-F9EF-415e-929A-31FE5995D41A}.exeC:\Windows\{2D80BA58-F9EF-415e-929A-31FE5995D41A}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CC20BEA3-71E0-4e47-A62B-69D420E9AAD5}.exeC:\Windows\{CC20BEA3-71E0-4e47-A62B-69D420E9AAD5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{76F8F07A-9248-4a80-8C68-BAB4BEDF9F98}.exeC:\Windows\{76F8F07A-9248-4a80-8C68-BAB4BEDF9F98}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{914D492E-2295-4de8-904A-30CA0F260252}.exeC:\Windows\{914D492E-2295-4de8-904A-30CA0F260252}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{218DC577-C0DF-4a5f-B8CC-F64850FE4580}.exeC:\Windows\{218DC577-C0DF-4a5f-B8CC-F64850FE4580}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C32ED75-7EBE-4fd3-BCC8-05323E2CA143}.exeC:\Windows\{3C32ED75-7EBE-4fd3-BCC8-05323E2CA143}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8B2B477-BAD5-4227-A05B-32D84D8EA63C}.exeC:\Windows\{A8B2B477-BAD5-4227-A05B-32D84D8EA63C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F0BD7FFA-5CC2-4591-9652-2630BD5A55B1}.exeC:\Windows\{F0BD7FFA-5CC2-4591-9652-2630BD5A55B1}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{948E660C-4908-4ed2-A38A-71C9014C9769}.exeC:\Windows\{948E660C-4908-4ed2-A38A-71C9014C9769}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F0BD7~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8B2B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C32E~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{218DC~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{914D4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76F8F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CC20B~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D80B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{932BF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1B50~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0182~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD57b0bc7b2f7ce5db48f9618e715964d56
SHA10df64584b5b46e1d243b0bf88e68b3963e24ab06
SHA256ea26322b5b061808cdd632a4ec5b2b28a6d24a61447dff5aec2eb57f5cf2d485
SHA512db818110625b5f0870c4173d7137fbdd7fbcb2039ea06f434b260e23ef0b78f3fa78dc41d454fb5c2e62b0d73aaa5d1086118d6456691fa75f62243e100bb2ce
-
Filesize
216KB
MD58039acb75e5432ccee42b29b4b670dd3
SHA1dd0370dcbb76f60db16fc1cfc897cb0b2e1e47f0
SHA256a6f2525827eff5e47907f6f96f365007e1682104f266c69aac4c37db25caeeec
SHA512807dd8cf65f63b468c49f00b3482f11ca3008378c315844797ddc74b32cd54f86f0496398f3e3cfdaba43ecd89725ee917f74772d79582be9843f2d583dda894
-
Filesize
216KB
MD5a4d85b2e64c97c751e4ad4d5cc893812
SHA1b293518e5565f1ecf4a099de169ae64d9260b995
SHA25686ac553860d1ec78f535236df8d486da73915c8fb3dde36b682b8cbc3911d2b6
SHA512470e0dae61790a576c3b7606f51b92709a3e46a319326c004697e809cc7ccc08bd78f3ff23c965533585168f9a5b1f743f51e75080a70203e8c4ee2f46d730c0
-
Filesize
216KB
MD5a339b803ecf0d692f1020b08464520f6
SHA1cfaba7554cc8d65b86cea4d1070700dcf44bdc25
SHA256830937751562eebae1e277db9683ac4987a0363d3ef7acc5ebc37fa1d43bd29d
SHA51291ee3adfad2943bee48db6dfe3c1daa5a8fce0c6a70d59b1419d1d6f41eece78b0f7f33511bbd041d8f94e3126e9f0a8b0b41623b0778cce959555de4d968f49
-
Filesize
216KB
MD5505bcb05df0341fa357a64142a73871f
SHA18a81181c841c824c5bd9da0bed7cf838e03d16e7
SHA256a412650d9b9f7424d036242f9f852a4828d0316b09145157bba4488ff537ecdd
SHA51293581b053d548f9852c806f9d874877e3f908b7dd6d6f9bfd8a546910f7e814e799df2a73a1a1278445c9202f2bb7c68837bb995314304491db15e5262d14328
-
Filesize
216KB
MD5ca4f3f24aa0cecce300560eacd868661
SHA121ad0ad27db7aa4ae5b0746c16d1102fd84f0af3
SHA25695c6443e277b2a05f4471d51a670b33a69d7a068639060463f10e3a277c78283
SHA5122068bb2e2ef4f03caa5d5bec9fe20e512e0e2af0f17dcb7798118236dc54c615af838783ec19b6e0529be47f32e1b6309d1cb8bc28887a8de21aebff85ff5baa
-
Filesize
216KB
MD5a21703540b26db63414d1331be652267
SHA1d39e157b2f1020a12c7e130ac3dcdbc1a294b031
SHA256d1aa0ec34543931916f4c3216c62e52e39ecba78e7fe3cfd2152760c063d11b9
SHA51233d26a434c11d0552a239f4a85da557516517460bd59a6dac45016ed007c50bc1ee0157c308e389393d39bace21919a69c6f09bb49271068e3c5d6b714daf6a3
-
Filesize
216KB
MD517aa1fb1471e0abf328f23a577c9c863
SHA13724df8f9090bc402b2fb93b2ec990f6bdce17a4
SHA25667c7ce69a597348b2711bb374e6cf071fcf3ef8b9136b10bfb67fed9ada498b7
SHA51241a23e22965d92a1aa3f834e68d147f4582d094404e226f4cc6ad050da746878d767fa7ebf4bc21ce5e4793afdca89516faf151a287af036202a77bcdbaa7210
-
Filesize
216KB
MD58bdcd5d2886f02e2305e0a76cffe67a5
SHA1cb14f736efbfb14336534ecebd0bdea2acf780e6
SHA256623c75579e1106dd8ee4972335c272ea58f096c3623467248c90383f83df14e8
SHA512b3dfe66c4388881205423db6e110a087a22bac9604efba632daf1c003add6e55360040a8e9374badbe6a27181b1ca3d3efd8105af754dd666a4549e1dd6975f2
-
Filesize
216KB
MD564eb17ac8b10f4f24470aeadc3d71d90
SHA14cfb7f738560ffbe0d6a41bc628afc6814d36132
SHA2564814f64c07590e990649b875f7d61184dfd268833ad85b9858c41dbd01aa2806
SHA512df7b3bc6a2b823601cdff4a11deab105d40007275c8be2bfe9513e622d0aa7c269721faf39ca83f0921b9ef9647884e7da0956e3eb78b0ec89c0f1dad4ddb45a
-
Filesize
216KB
MD56113ca66156befaca53d0392c4659130
SHA15c5d4724c0b4b3e7880ddd6c30d621a8fc3fc214
SHA256e912222d9100d457e45e9c6ba1139cc2acfa1bb2bc555ff00a89028241f4dcf2
SHA5123aaf988ee3d64f31d06d30c7a87c18ef1af2a8e7d93f0eb32fd5be4bdd5050a5339959e54a6776696264a0ecb51aa0361a4905f29365acca89922053062680b7
-
Filesize
216KB
MD595c673f66ca6c8e9795f5f2d3d9e58da
SHA1bbd3ae756a65223a85ea4e5d0e66ebb8ab54e339
SHA2560fb51e584d2f64055415e6d2af36382cd19105163afdd4a8b4056c3ca7641170
SHA5120dd772f7d006c30d1fb2db68e3e64225e28356e899c35c72b965216de2e2b2d48a3ff8d329d003e1dbd9cc339e7f70cb4590a9d403c01611d0ae2538bc238296